@RISK: The Consensus Security Vulnerability Alert

Volume: V, Issue: 22
June 5, 2006

Another week with more than 100 new vulnerabilities discovered. Especially noteworthy are the Firefox, F-Secure and IMAP problems.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category: # of Updates & Vulnerabilities
    • Windows: 1
    • Other Microsoft Products: 2
    • Third Party Windows Apps: 7 (#4, #5)
    • Linux: 10
    • BSD: 2
    • Aix: 1
    • Unix: 1
    • Cross Platform: 11 (#1, #2, #3, #6)
    • Web Application - Cross Site Scripting: 19
    • Web Application - SQL Injection: 18
    • Web Application: 41

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Linux
BSD
Aix
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

PART I Critical Vulnerabilities

Part I is compiled by Rohit Dhamankar and Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Mozilla Firefox and Thunderbird Multiple Vulnerabilities
  • Affected:
    • Firefox versions prior to 1.5.0.4
    • Thunderbird versions prior to 1.5.0.4
  • Description: The Mozilla Foundation released version 1.5.0.4 of the Firefox browser and the Thunderbird email client last week. The new versions fix 12 vulnerabilities in Firefox and 8 vulnerabilities in Thunderbird. The most severe of the vulnerabilities can allow a webpage or an HTML email to execute arbitrary code on a user's system. The technical details about the low severity flaws can be obtained from the Mozilla bugzilla. The details about the code execution flaws are not available yet.

  • Status: Upgrade Firefox and Thunderbird to version 1.5.0.4.

  • References:
  • (2) HIGH: F-Secure Products Web Console Buffer Overflow
  • Affected:
    • F-Secure Anti-Virus for Exchange version 6.40
    • F-Secure Internet Gatekeeper versions 6.40-6.42 and 6.50
  • Description: F-Secure's Web console is designed for the web-based management of the anti-virus software. This HTTP server contains a buffer overflow that can be exploited by unauthenticated attackers to execute arbitrary code. The technical details regarding this flaw have not been publicly posted. Note that the web console server is accessible only to the local host in the default configuration. However, for convenience, some administrators may configure access to the web console from any host in their network.

  • Status: F-Secure has released hotfixes for the Microsoft Exchange version 6.40 and Internet Gatekeeper version 6.50. Upgrade Internet Gatekeeper to version 6.60. Block HTTP requests to port 25023/tcp (default web console port) from the Internet.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
  • (3) MODERATE: Snort URI Rule Detection Bypass
  • Affected:
    • Snort versions 2.4.x prior to version 2.4.5
  • Description: Snort, a widely used IDS, contains a vulnerability that an attacker can exploit to evade Snort's HTTP attack detection routines. The evasion is performed by simply adding a carriage return "\r" at the end of a URI in a malicious HTTP request. Note that this technique can be used to bypass Snort's detection of a number of attacks against Apache web servers.

  • Status: Sourcefire will release fixed versions 2.4.5 and 2.6.0 on June 5th. A third-party patch is currently available for this issue.

  • References:
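
A defender-side check for the anomaly described in item (3), given here as an added example (it is not Snort or Sourcefire code): it parses the request line of a captured HTTP request and flags a carriage return sitting directly before the HTTP version token. The function names, finding labels and sample requests are constructed for illustration.

```python
from typing import NamedTuple, Optional


class RequestLine(NamedTuple):
    method: bytes
    uri: bytes       # exactly as received, stray bytes included
    version: bytes


def parse_request_line(raw: bytes) -> Optional[RequestLine]:
    """Parse 'METHOD SP URI SP HTTP/x.y' from the start of a raw request."""
    line = raw.split(b"\n", 1)[0]
    if line.endswith(b"\r"):
        # Drop only the CR that belongs to the terminating CRLF.
        line = line[:-1]
    method, sep1, rest = line.partition(b" ")
    uri, sep2, version = rest.rpartition(b" ")
    if not (sep1 and sep2 and method and version.startswith(b"HTTP/")):
        return None
    return RequestLine(method, uri, version)


def uri_anomalies(uri: bytes) -> list:
    """Return labels for control bytes that have no place in a request URI."""
    findings = []
    if uri.endswith(b"\r"):
        # The case from the advisory: CR at the end of the URI.
        findings.append("cr-before-version")
    if b"\r" in uri.rstrip(b"\r"):
        findings.append("cr-inside-uri")
    if any(b < 0x20 and b != 0x0D for b in uri) or 0x7F in uri:
        findings.append("control-char-in-uri")
    return findings


def inspect(raw: bytes) -> dict:
    """Inspect one raw request; 'uri' is the URI with trailing CRs removed."""
    parsed = parse_request_line(raw)
    if parsed is None:
        return {"parsed": False, "findings": ["unparseable-request-line"], "uri": None}
    return {
        "parsed": True,
        "findings": uri_anomalies(parsed.uri),
        "uri": parsed.uri.rstrip(b"\r"),
    }


# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n",    # well-formed
    b"GET /index.html\r HTTP/1.0\r\nHost: example.test\r\n\r\n",  # CR before version
    b"GET /a\rb HTTP/1.1\r\nHost: example.test\r\n\r\n",          # CR inside URI
    b"GET / HTTP/1.1\nHost: example.test\n\n",                    # LF-only line endings
]

if __name__ == "__main__":
    for raw in SAMPLES:
        result = inspect(raw)
        print(raw.split(b"\n", 1)[0], "->", result["findings"] or "clean")
```

Treating any finding as an alert in its own right keeps the anomaly visible even when a content rule fails to match, and the returned `uri` gives downstream matching a value without the trailing carriage return.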
Other Software
  • (4) HIGH: Alt-N MDaemon IMAP Server Buffer Overflow
  • Affected:
    • Alt-N MDaemon possibly all versions
  • Description: The MDaemon IMAP server reportedly contains a buffer overflow that can be triggered by an IMAP command longer than 99554 bytes. The flaw can be exploited to execute arbitrary code with potentially "SYSTEM" privileges. A proof-of-concept exploit has been publicly posted.

  • Status: Vendor not confirmed, no patches available.

  • References:
  • (5) MODERATE: WeOnlyDo! wodSFTP ActiveX Component Arbitrary File Download
  • Affected:
    • wodSFTP version 3.0.3 and prior
  • Description: wodSFTP is an ActiveX component that supports SFTP client functions. This ActiveX control has been wrongly marked as "safe for scripting". A malicious SFTP server can exploit this flaw to download arbitrary files to a client system that has the wodSFTP ActiveX control installed. Note that several free and commercial FTP servers use this component.

  • Status: No patch is available from the vendor yet. Set the killbit for the wodSFTP ActiveX component. The CLSID for the wodSFTP control is: {6795FA0F-35C3-4BEB-B3AA-F19DB0B228EA}.

  • Council Site Actions: The affected software and/or configuration are not in production or widespread use, or are not officially supported at any of the council sites. They reported that no action was necessary.

  • References:
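
One way to apply and audit the kill bit recommended in item (5), given here as an added example (it is not part of the original bulletin or of any vendor guidance): it builds the .reg text that sets the kill bit for the CLSID above and checks a registry export for it. The key path and the 0x400 flag are Internet Explorer's standard kill-bit mechanism; the function names and the sample exports are constructed for illustration.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE from instantiating a control
BASE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
WODSFTP_CLSID = "{6795FA0F-35C3-4BEB-B3AA-F19DB0B228EA}"  # CLSID given in the advisory

VALUE_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{1,8})$')


def killbit_reg_fragment(clsid: str) -> str:
    """Text of a .reg file that sets the kill bit for one CLSID."""
    return (
        "Windows Registry Editor Version 5.00\n\n"
        f"[{BASE_KEY}\\{clsid}]\n"
        f'"Compatibility Flags"=dword:{KILL_BIT:08x}\n'
    )


def killbit_state(reg_export: str, clsid: str) -> str:
    """Classify a registry export as 'set', 'not-set' or 'absent' for one CLSID.

    'not-set' means the key exists but its flags lack the kill bit;
    'absent' means the export has no key for this CLSID at all.
    """
    target = (BASE_KEY + "\\" + clsid).lower()
    in_target = False
    seen_key = False
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Registry key names are case-insensitive.
            in_target = line[1:-1].lower() == target
            seen_key = seen_key or in_target
        elif in_target:
            match = VALUE_RE.match(line)
            if match and int(match.group(1), 16) & KILL_BIT:
                return "set"
    return "not-set" if seen_key else "absent"


# Constructed exports standing in for output collected from three hosts.
EXPORT_PROTECTED = killbit_reg_fragment(WODSFTP_CLSID)
EXPORT_FLAGS_CLEARED = (
    "Windows Registry Editor Version 5.00\n\n"
    f"[{BASE_KEY}\\{WODSFTP_CLSID}]\n"
    '"Compatibility Flags"=dword:00000000\n'
)
EXPORT_OTHER_CONTROL = killbit_reg_fragment("{00000000-0000-0000-0000-000000000000}")

if __name__ == "__main__":
    print(killbit_reg_fragment(WODSFTP_CLSID))
    for name, export in [
        ("protected", EXPORT_PROTECTED),
        ("flags cleared", EXPORT_FLAGS_CLEARED),
        ("other control only", EXPORT_OTHER_CONTROL),
    ]:
        print(name, "->", killbit_state(export, WODSFTP_CLSID))
```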
Exploit Code
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 22, 2006

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5021 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 06.22.1 - CVE: CVE-2006-2642
  • Platform: Windows
  • Title: PHP-Residence Unspecified HTML Injection
  • Description: Php-Residence is a web-based application to track house, apartment, and hotel room rentals. Php-Residence is prone to an unspecified HTML injection vulnerability. This issue affects version 0.6.
  • Ref: http://www.securityfocus.com/bid/18133

  • 06.22.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Malformed HTML Parsing Denial of Service
  • Description: Microsoft Internet Explorer is affected by a denial of service vulnerability. This issue presents itself when the application tries to parse certain malformed HTML content. This results in a NULL pointer dereference in "mshtml.dll", crashing the browser. Internet Explorer 6 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/18112

  • 06.22.3 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer MHTML URI Buffer Overflow
  • Description: Microsoft Internet Explorer is susceptible to a remote buffer overflow vulnerability in "INETCOMM.DLL". This issue is triggered when Internet Explorer attempts to follow excessively long URIs that begin with "mhtml://mid:". This triggers a crash in the "INETCOMM.DLL" library.
  • Ref: http://www.securityfocus.com/archive/1/435492

  • 06.22.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Eitsop My Web Server Remote Denial of Service
  • Description: My Web Server is a web server. It is exposed to a denial of service issue when handling malformed "GET" requests. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18144

  • 06.22.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Alt-N MDaemon Remote Pre-Authentication IMAP Buffer Overflow
  • Description: Alt-N MDaemon is a mail server product. It is vulnerable to a remote buffer overflow issue when attempting to parse malformed input of approximately 99 kilobytes of data. Alt-N MDaemon versions 8.1.3 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18129

  • 06.22.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ZipCentral ZIP File Buffer Overflow
  • Description: ZipCentral is an application designed to process compressed ZIP files. It is susceptible to a buffer overflow vulnerability. This issue occurs when the affected software tries to process ZIP files containing overly long embedded filenames. Version 4.01 of ZipCentral is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/18160

  • 06.22.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Etype Eserv Multiple Input Validation Vulnerabilities
  • Description: Eserv is an IMAP and HTTP server. It is vulnerable to multiple input validation issues such as source code disclosure and directory traversal. These issues are due to insufficient sanitization of user-supplied input. Eserv versions 3.25 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/435415

  • 06.22.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WeOnlyDo SFTP ActiveX Control Remote Arbitrary File Access
  • Description: The wodSFTP ActiveX control provides Secure File Transfer Protocol (SFTP) functionality to an application that uses it. It is prone to an arbitrary file access vulnerability because the control is incorrectly marked "safe for scripting" by the "IObjectSafety" interface.
  • Ref: http://www.securityfocus.com/bid/18192

  • 06.22.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: F-Secure Multiple Products Web Console Buffer Overflow
  • Description: F-Secure Internet Gatekeeper is designed for gateway deployed content-filtering to protect against various malware. It is affected by a buffer overflow issue due to insufficient sanitization of user data. F-Secure Internet Gatekeeper version 6.60 is affected.
  • Ref: http://www.securityfocus.com/bid/18201

  • 06.22.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VMware Server User Credentials Disclosure
  • Description: VMware Server is a virtual machine server. It is vulnerable to a weakness that may disclose user credentials because the server retains user credentials in memory. VMware Server versions before RC1 are vulnerable.
  • Ref: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2124

  • 06.22.11 - CVE: CVE-2006-1856
  • Platform: Linux
  • Title: Linux Kernel LSM ReadV/WriteV Security Restriction Bypass
  • Description: The Linux kernel is susceptible to a security restriction bypass issue because the kernel fails to properly enforce Security Module security checks. Linux kernel versions prior to 2.6.16.12 are vulnerable.
  • Ref: http://rhn.redhat.com/errata/RHSA-2006-0493.html

  • 06.22.12 - CVE: CVE-2006-1174
  • Platform: Linux
  • Title: Shadow-Utils UserAdd Local Insecure Permissions
  • Description: The useradd utility creates new user accounts on Linux computers. It is available as a part of the shadow-utils package. The useradd utility in shadow-utils is susceptible to a local insecure permissions vulnerability. This issue is due to a race condition between when user mailboxes are created and when permissions are set on the file. Version 4.0.3 of shadow-utils is vulnerable.
  • Ref: http://cvs.pld.org.pl/shadow/src/useradd.c

  • 06.22.13 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Netfilter Do_Add_Counters Local Race Condition
  • Description: The Linux kernel is susceptible to a local race condition vulnerability in the "do_add_counters()" function. This issue is exploitable only by local users who have superuser privileges or have the CAP_NET_ADMIN capability. Linux kernel versions prior to 2.6.16.17 in the 2.6 series are affected.
  • Ref: http://www.securityfocus.com/bid/18113

  • 06.22.14 - CVE: CVE-2005-0489
  • Platform: Linux
  • Title: Linux Kernel Invalid Proc Memory Access Local Denial of Service
  • Description: The Linux kernel is exposed to a denial of service vulnerability due to a flaw in the "proc" filesystem that may lead to attempts to access previously freed memory. Linux kernel versions prior to 2.4.27 are affected.
  • Ref: http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.27

  • 06.22.15 - CVE: CVE-2006-1589
  • Platform: Linux
  • Title: Linux Kernel ELF Loader Mismatched Architecture Local Denial of Service
  • Description: The Linux kernel is prone to a local denial of service vulnerability. This issue is due to a flaw in the ELF object file loader. This issue affects Linux kernel versions prior to 2.4.25.
  • Ref: http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.25

  • 06.22.16 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel MIPS Ptrace Local Privilege Escalation
  • Description: The Linux kernel is susceptible to a local privilege escalation vulnerability. This issue occurs only on MIPS architectures in the ptrace facility.
  • Ref: http://www.securityfocus.com/bid/18176

  • 06.22.17 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel MREMAP Local Privilege Escalation
  • Description: The Linux kernel is susceptible to a local privilege escalation vulnerability due to an unspecified flaw in "mremap". Linux kernel versions prior to 2.4.25 are affected.
  • Ref: http://www.securityfocus.com/bid/18177

  • 06.22.18 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Proc dentry_unused Corruption Local Denial of Service
  • Description: The Linux kernel is prone to a local denial of service vulnerability. This issue affects Linux kernel versions 2.6.15 through 2.6.17-rc5 on multiprocessor computers running SMP kernels.
  • Ref: http://marc.theaimsgroup.com/?l=linux-kernel&m=114860432801543&w=2

  • 06.22.19 - CVE: Not Available
  • Platform: Linux
  • Title: Typespeed Remote Buffer Overflow
  • Description: Typespeed is a game designed to test typing skills. It is susceptible to a remote buffer overflow vulnerability. This issue reportedly occurs in the processing of network data. Typespeed versions 0.4.1 and 0.4.4 are vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/18194

  • 06.22.20 - CVE: Not Available
  • Platform: Linux
  • Title: GNOME Evolution Email Attachment Denial Of Service
  • Description: Evolution is an email client for the GNOME desktop. There is a remote denial of service vulnerability due to improper handling of attachments in "em-utils.c". GNOME Evolution versions 2.37 and earlier are affected.
  • Ref: http://bugzilla.gnome.org/attachment.cgi?id=49694&action=view

  • 06.22.21 - CVE: CVE-2006-2654
  • Platform: BSD
  • Title: FreeBSD SMBFS CHRoot Security Restriction Bypass
  • Description: FreeBSD is prone to a security restriction bypass vulnerability affecting the chroot implementation. The problem affects chroot inside of an SMB-mounted filesystem (smbfs). An attacker can bypass the filesystem security restriction through use of directory traversal strings.
  • Ref: http://www.securityfocus.com/bid/18202

  • 06.22.22 - CVE: Not Available
  • Platform: BSD
  • Title: FreeBSD YPServ Inoperative Access Control
  • Description: YPServ is a utility which distributes NIS databases to client systems within an NIS domain. It is vulnerable to an inoperative access controls issue due to a change in the build process that resulted in the "securenets" access restrictions being ignored. FreeBSD versions 6.0-STABLE and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18204

  • 06.22.23 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX LSMCode Local Privilege Escalation
  • Description: The "lsmcode" command is an administrative command used to display firmware and microcode information. IBM AIX is susceptible to a local vulnerability in the "lsmcode" command that allows attackers to execute arbitrary machine code with superuser privileges. This facilitates the complete compromise of affected computers. IBM AIX versions 5.1, 5.2, and 5.3 are affected by this issue.
  • Ref: http://www.securityfocus.com/bid/18114

  • 06.22.24 - CVE: Not Available
  • Platform: Unix
  • Title: rug SSL Certificates Man In The Middle Vulnerability
  • Description: rug is a remote administration tool. It is affected by a man-in-the-middle issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18193

  • 06.22.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apache James SMTP Denial Of Service
  • Description: James is the Apache Java Enterprise Mail and News Server. James is vulnerable to a remote denial of service issue due to insufficient handling of malformed SMTP commands with excessively long arguments. Apache James versions 2.2.0 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/435278

  • 06.22.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Vixie Cron PAM_Limits Local Privilege Escalation
  • Description: Vixie cron is a scheduling daemon. It is susceptible to a local privilege escalation vulnerability. This issue presents itself when pam_limits is utilized to enforce process limits. This issue allows local attackers that have been authorized to execute cron jobs to execute arbitrary commands with superuser privileges. Vixie cron version 4.1 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/bid/18108

  • 06.22.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Open-Xchange Open Source Edition Default Credentials
  • Description: Open-Xchange is a package of various other software packages designed to create an integrated server platform for directory services, email, and web services. It is vulnerable to a default credential creation issue due to a flaw in the installation process that results in an unintended account being created. Open-Xchange version 0.8.2 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/435198

  • 06.22.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP cURL Encoded NULL Character Safe_Mode Restriction Bypass
  • Description: PHP is a general purpose scripting language. PHP cURL is vulnerable to a safe_mode restriction bypass issue due to a mismatching of behaviors between the safe_mode restriction filename checking code in PHP, and what cURL actually attempts to fetch. PHP versions 5.1.4 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/435194

  • 06.22.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: aMule Remote Information Disclosure
  • Description: aMule is a peer to peer application. It is vulnerable to an information disclosure issue when it receives HTTP GET requests with an unspecified URI input. aMule versions 2.1.2 and earlier are vulnerable.
  • Ref: http://www.amule.org/wiki/index.php/Changelog_2.1.2

  • 06.22.30 - CVE: CVE-2006-2480
  • Platform: Cross Platform
  • Title: Dia Multiple Unspecified Remote Format String Vulnerabilities
  • Description: Dia is a gtk-based program for creating diagrams. Dia is prone to multiple unspecified format string vulnerabilities.
  • Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830

  • 06.22.31 - CVE: CVE-2006-0405
  • Platform: Cross Platform
  • Title: LibTIFF TIFFFetchShortPair Null Pointer Dereference Denial of Service
  • Description: LibTIFF is a library designed for the reading and manipulation of Tag Image File Format (TIFF) files. The TIFFFetchShortPair function in tif_dirread.c in Libtiff is vulnerable to a denial of service when a crafted TIFF image triggers a NULL pointer dereference. LibTIFF versions 3.8.0 and earlier are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/0302

  • 06.22.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: xine-Lib HTTP Response Buffer Overflow
  • Description: The xine-lib library is a C library. It is vulnerable to a buffer overflow issue when the library tries to make remote HTTP requests. xine-lib versions 1.1.1 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18187/info

  • 06.22.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Secure Elements Class 5 AVR Multiple Remote Vulnerabilities
  • Description: Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is susceptible to multiple vulnerabilities. These issues affect both clients and servers. Please refer to the link below for details.
  • Ref: http://www.securityfocus.com/archive/1/435492

  • 06.22.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Snort URIContent Rules Detection Evasion
  • Description: Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. The problem occurs when a malicious URL has a carriage return at the end, directly before the HTTP protocol declaration. This vulnerability affects Snort versions 2.4.0 through 2.4.4.
  • Ref: http://www.securityfocus.com/bid/18200

  • 06.22.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities
  • Description: The Mozilla Foundation released thirteen security advisories specifying security vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird. Please refer to the link below for details.
  • Ref: http://www.securityfocus.com/bid/18228

  • 06.22.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
  • Description: TikiWiki is a web-based wiki application. It is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input. TikiWiki version 1.9.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/18143

  • 06.22.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ASPBB Perform_search.ASP Cross-Site Scripting
  • Description: ASPBB is a web-based bulletin board application implemented in ASP. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "search" parameter of the "perform_search.asp" script. This issue affects version 0.5.2.
  • Ref: http://www.securityfocus.com/bid/18146

  • 06.22.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Photoalbum B&W Index.PHP Cross-Site Scripting
  • Description: Photoalbum B&W is a web-based photo gallery application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "op" parameter of the "index.php" script. Photoalbum B&W version 1.3 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/435294

  • 06.22.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Chipmunk Guestbook Index.PHP Cross-Site Scripting
  • Description: Chipmunk Guestbook is a guestbook web application implemented in PHP. It is prone to a cross-site scripting vulnerability.
  • Ref: http://www.securityfocus.com/archive/1/435196

  • 06.22.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Chipmunk Directory Index.PHP Cross-Site Scripting
  • Description: Chipmunk Directory is a link indexing web application. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "start" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/18119

  • 06.22.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AR-Blog Multiple Cross-Site Scripting Vulnerabilities
  • Description: AR-Blog is a web log application. Insufficient sanitization of the "count", "year" and "month" parameters in the "index.php" script exposes the application to multiple cross-site scripting issues. AR-Blog version 5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/18120

  • 06.22.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: vCard Multiple Cross-Site Scripting Vulnerabilities
  • Description: vCard is greeting card software implemented in PHP. It is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input to various scripts.
  • Ref: http://www.securityfocus.com/bid/18122

  • 06.22.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CoolPHP Index.PHP Cross-Site Scripting
  • Description: CoolPHP is a web-based portal application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "op" parameter of the "index.php" script. All versions of CoolPHP are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18124

  • 06.22.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TuttoPHP Multiple Products View.PHP Cross-Site Scripting
  • Description: Morris Guestbook, Smile Guestbook and Pretty Guestbook are guestbook applications implemented in PHP. They are prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "pagina" parameter of the "view.php" script.
  • Ref: http://www.securityfocus.com/bid/18128

  • 06.22.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Vacation Rental Script Index.PHP Cross-Site Scripting
  • Description: Vacation Rental Script is a web-based property-management application implemented in PHP. Insufficient sanitization of the "obj" parameter in the "index.php" script exposes the application to a cross-site scripting issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18134

  • 06.22.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: F@cile Interactive Web P-Themes Cross-Site Scripting
  • Description: F@cile Interactive Web is a web-based content management system. Insufficient sanitization of the "mytheme" and "myskin" parameters in the "index.inc.php" script exposes the application to a cross-site scripting issue. F@cile Interactive Web versions 0.8.41 through 0.8.5 are affected.
  • Ref: http://www.securityfocus.com/bid/18151

  • 06.22.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: UBBThreads Index.PHP Cross-Site Scripting
  • Description: UBBThreads is a web-based message reader application implemented in PHP. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "debug" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/18152

  • 06.22.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EVA-Web Multiple Cross-Site Scripting Vulnerabilities
  • Description: EVA-Web is a website publishing application. Insufficient sanitization of user-supplied input exposes the application to multiple cross-site scripting issues. EVA-Web versions 2.1.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/18161

  • 06.22.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: D-Link Airspot DSA-3100 Gateway Login_error.SHTML Cross-Site Scripting
  • Description: The D-Link Airspot DSA-3100 Gateway is an internet connectivity and packet routing device. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "uname" parameter of "login_error.shtml".
  • Ref: http://www.securityfocus.com/bid/18168

  • 06.22.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: toendaCMS Index.PHP Cross-Site Scripting
  • Description: toendaCMS is a content management application implemented in PHP. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "id" parameter of the "index.php" script. toendaCMS version 0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/18178

  • 06.22.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: toendaCMS Content_footer.PHP Cross-Site Scripting
  • Description: toendaCMS is a content management application. It is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input to the "print_url" parameter of the "engine/extensions/ext_footer/content_footer.php" script. toendaCMS version 0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/18207

  • 06.22.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: QontentOne CMS Search.PHP Cross-Site Scripting
  • Description: QontentOne CMS is a content management application implemented in PHP. It is prone to a cross-site scripting vulnerability due to improper sanitization of user-supplied input to the "search_phrase" parameter of the "search.php" script.
  • Ref: http://www.securityfocus.com/bid/18209

  • 06.22.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VisionGate Portal System Print.PHP Cross-Site Scripting
  • Description: VisionGate Portal System is a content management application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "idx" parameter of the "print.php" script. All versions of VisionGate Portal Systems are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18217

  • 06.22.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Enigma Haber Cross-Site Scripting
  • Description: Enigma Haber is a content management application. It is vulnerable to a cross-site scripting issue due to insufficient sanitization of user-supplied input to the "il" parameter of the "hava.asp" script. Enigma Haber version 4.2 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18226/info

  • 06.22.55 - CVE: CVE-2006-0349
  • Platform: Web Application - SQL Injection
  • Title: Epic Designs Eggblog Posts.PHP SQL Injection
  • Description: Epic Designs Eggblog is a web-based tutoring application implemented in PHP. Epic Designs Eggblog is prone to an SQL injection vulnerability. Version 3.06 is vulnerable to this issue.
  • Ref: http://www.securityfocus.com/archive/1/435284

  • 06.22.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SaPHPLesson Show.PHP SQL Injection
  • Description: SaPHPLesson is a web-based tutoring application. SaPHPLesson is exposed to an SQL injection issue due to insufficient sanitization of data passed to the "lessid" parameter of the "show.php" script. Arabless.com SaphpLesson version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/435202

  • 06.22.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mini-NUKE Your_Account.ASP Multiple SQL Injection Vulnerabilities
  • Description: Mini-NUKE is a content management application. It is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input to the "theme", "yas_1", "yas_2" and "yas_3" parameters of the "Your_Account.asp" script. MiniNuke CMS version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/18126

  • 06.22.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Enigma Haber Multiple SQL Injection Vulnerabilities
  • Description: Enigma Haber is a web-based application implemented in ASP. The application is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. Enigma Haber versions 4.3 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/435282

  • 06.22.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Blend Portal Blend_common.PHP Remote File Include
  • Description: Blend Portal is a web-based portal application. It is vulnerable to a remote file include issue due to insufficient sanitization of user-supplied input to the "phpbb_root_path" variable of the "blend_common.php" script. Blend Portal versions 1.2.0 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/435298

  • 06.22.60 - CVE: CVE-2006-2638
  • Platform: Web Application - SQL Injection
  • Title: qjForum Member.ASP SQL Injection
  • Description: qjForum is a web-based forum application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "uName" parameter of the "member.asp" script. All versions of qjForum are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18164

  • 06.22.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Achievo Class.employee.inc SQL Injection
  • Description: Achievo is a web-based resource management application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "atkselector" parameter of the "class.employee.inc" script. Achievo versions 1.2 and earlier are vulnerable.
  • Ref: http://www.achievo.org/download/releasenotes/1_2_1

  • 06.22.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Hitachi HITSENSER3 SQL Injection
  • Description: HITSENSER3 is exposed to an SQL injection vulnerability due to insufficient validation of input to the functions "configuration function" and "Multidimensional Data Analyzer". Hitachi HITSENSER3 Versions 01-08 and 01-02 are affected.
  • Ref: http://www.hitachi-support.com/security_e/vuls_e/HS06-011_e/index-e.html

  • 06.22.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 4nForum Modules.PHP SQL Injection
  • Description: 4nForum is a web-based forum application. It is prone to an SQL injection vulnerability due to insufficient sanitization of user-supplied input to the "tid" parameter of the "modules.php" script.
  • Ref: http://www.securityfocus.com/bid/18184

  • 06.22.64 - CVE: CVE-2006-1683
  • Platform: Web Application - SQL Injection
  • Title: Chipmunk Guestbook Index.PHP SQL Injection
  • Description: Chipmunk Guestbook is a guest book application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "start" parameter of "index.php" before using it in an SQL query. Chipmunk Guestbook versions 1.4 and earlier are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/1323

  • 06.22.65 - CVE: CVE-2006-2463
  • Platform: Web Application - SQL Injection
  • Title: SelectaPix View_album.PHP SQL Injection
  • Description: SelectaPix is a web-based image gallery. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "albumID" parameter of the "view_album.php" script. SelectaPix version 1.4 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18196/info

  • 06.22.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: vBulletin Portal.PHP SQL Injection
  • Description: vBulletin is a web-based bulletin board application. vBulletin is prone to an SQL injection issue due to insufficient sanitization of user-supplied input to the "featureid" parameter of the "portal.php" script. vBulletin version 3.0.10 is affected.
  • Ref: http://www.securityfocus.com/bid/18197


  • 06.22.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASPNuke Article.ASP SQL Injection
  • Description: ASPNuke is web-portal software. Insufficient sanitization of the "articleid" parameter of the "article.asp" script exposes the application to an SQL injection issue. ASPNuke version 0.80 is affected.
  • Ref: http://www.securityfocus.com/bid/18215/info

  • 06.22.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Tekno.Portal Bolum.PHP SQL Injection
  • Description: Tekno.Portal is a web-based portal implemented in PHP. It is prone to an SQL injection vulnerability due to improper sanitization of user-supplied input to the "id" parameter of the "bolum.php" script.
  • Ref: http://www.securityfocus.com/bid/18216

  • 06.22.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Abarcar Realty Portal Content.PHP SQL Injection
  • Description: Abarcar Realty Portal is a web-based portal. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "cat" parameter of the "content.php" script. Abarcar Realty Portal version 5.1.5 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18218/info

  • 06.22.71 - CVE: CVE-2006-2753
  • Platform: Web Application - SQL Injection
  • Title: MySQL Mysql_real_escape Function SQL Injection
  • Description: MySQL is a Database Management System. The application is exposed to an SQL injection issue due to insufficient sanitization of user-supplied input in the "mysql_real_escape()" function. MySQL versions prior to 5.0.22-1-0.1 and prior to 4.1.20 are affected.
  • Ref: http://lists.mysql.com/announce/364

  • 06.22.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: aspWebLinks Links.ASP SQL Injection
  • Description: aspWebLinks is a web link management application. It is vulnerable to an SQL injection issue due to insufficient sanitization of user-supplied input to the "linkID" parameter of the "links.asp" script. aspWeblinks version 2.0 is vulnerable.
  • Ref: http://milw0rm.com/exploits/1859

  • 06.22.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Hot Open Tickets Multiple Remote File Include Vulnerabilities
  • Description: Hot Open Tickets is a helpdesk application. It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to the "CLASS_PATH" parameter of multiple scripts. Hot Open Tickets version 11012004_ver2f is vulnerable.
  • Ref: http://milw0rm.com/exploits/1835

  • 06.22.74 - CVE: Not Available
  • Platform: Web Application
  • Title: ByteHoard Index.PHP File Overwrite
  • Description: ByteHoard is a web-based file-upload/download application. ByteHoard can expose privileged data due to insufficient sanitization of the input to the "InFolder" parameter while copying files. Bytehoard Version 2.1 Delta is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=90199&release_id=420549

  • 06.22.75 - CVE: Not Available
  • Platform: Web Application
  • Title: iFusion iFDate Multiple HTML Injection Vulnerabilities
  • Description: iFusion iFDate is a web-based online dating application. It is vulnerable to multiple HTML injection issues due to insufficient sanitization of user-supplied input to various scripts. iFusion iFdate version 1.2 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/435010

  • 06.22.76 - CVE: Not Available
  • Platform: Web Application
  • Title: DoceboLMS Multiple Remote File Include Vulnerabilities
  • Description: DoceboLMS is an e-learning application. It is vulnerable to multiple remote file include issues because the application fails to properly sanitize user-supplied input to various parameters. DoceboLMS versions 3.0.3 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18109/info

  • 06.22.77 - CVE: Not Available
  • Platform: Web Application
  • Title: DoceboLMS Lang Parameter Multiple Remote File Include Vulnerabilities
  • Description: DoceboLMS is an e-learning application. DoceboLMS is exposed to arbitrary code execution due to insufficient sanitization of input to the "lang" parameter of the scripts "/modules/credits/help.php", "/modules/credits/business.php" and "/modules/credits/credits.php". DoceboLMS versions 2.0.5 and earlier are affected.
  • Ref: http://milw0rm.com/exploits/1828

  • 06.22.78 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-AGTC Membership System Adduser.PHP HTML Injection
  • Description: PHP-AGTC membership system is a web-based user-management system. Insufficient sanitization of the "usermail" parameter in the "adduser.php" script exposes the application to an HTML injection issue. PHP-AGTC version 1.1a is affected.
  • Ref: http://www.securityfocus.com/bid/18127

  • 06.22.79 - CVE: CVE-2006-2634
  • Platform: Web Application
  • Title: Seditio Referer HTTP Header HTML Injection
  • Description: Seditio is a website engine and content management system. It is vulnerable to an HTML injection issue due to insufficient sanitization of the HTTP referer data before being stored in log files. Seditio version 102 is vulnerable.
  • Ref: http://yns.zaxaz.com/advisories/seditio.txt

  • 06.22.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Assetman Unspecified HTML Injection
  • Description: Assetman is a web-based application to track company assets. It is vulnerable to an HTML injection issue due to insufficient sanitization of input before using it in dynamically generated content. Assetman version 2.4a is affected.
  • Ref: http://www.securityfocus.com/bid/18131

  • 06.22.81 - CVE: Not Available
  • Platform: Web Application
  • Title: ezUpload Path Parameter Multiple Remote File Include Vulnerabilities
  • Description: ezUpload is a PHP script that lets users or visitors upload files to the server. It is prone to multiple remote file include vulnerabilities because the application fails to properly sanitize user-supplied input to the "path" parameter of multiple scripts. ezUpload version 2.10 is affected.
  • Ref: http://www.securityfocus.com/bid/18135

  • 06.22.82 - CVE: Not Available
  • Platform: Web Application
  • Title: ByteHoard Index.PHP HTML Injection
  • Description: ByteHoard is a web-based file upload/download application implemented in PHP. It is prone to an HTML injection vulnerability due to improper sanitization of user-supplied input to the "description" parameter of the "index.php" script. This issue affects version 2.1 Delta.
  • Ref: http://www.securityfocus.com/bid/18136

  • 06.22.83 - CVE: Not Available
  • Platform: Web Application
  • Title: tinyBB Multiple Input Validation Vulnerabilities
  • Description: tinyBB is a bulletin board application. tinyBB is exposed to multiple input validation vulnerabilities due to insufficient sanitization of inputs. Please refer to the link below for more details. Epic Designs tinyBB Version 0.3 is affected.
  • Ref: http://www.nukedx.com/?viewdoc=33

  • 06.22.84 - CVE: Not Available
  • Platform: Web Application
  • Title: F@cile Interactive Web Multiple Remote File Include Vulnerabilities
  • Description: F@cile Interactive Web is a web-based content management system implemented in PHP. It is prone to multiple remote file include vulnerabilities due to improper sanitization of user-supplied input. These issues affect versions 0.8.41 through to 0.8.5.
  • Ref: http://www.securityfocus.com/bid/18149

  • 06.22.85 - CVE: CVE-2006-0823,CVE-2006-1069
  • Platform: Web Application
  • Title: Geeklog Multiple Input Validation Vulnerabilities
  • Description: Geeklog is a web log application. It is vulnerable to multiple input validation issues due to insufficient sanitization of user-supplied input to various scripts. Geeklog versions 1.4.0sr2 and earlier are vulnerable.
  • Ref: http://kapda.ir/advisory-336.html

  • 06.22.86 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPBB-Amod Lang_Activity.PHP Remote File Include
  • Description: PHPBB-Amod is an arcade module for PHPBB. It is exposed to a remote file include vulnerability due to insufficient sanitization of input to the "phpbb_root_path" variable of "lang_activity.php". PHPBB-arcade and PHPBB-Amod version 2.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/435286

  • 06.22.87 - CVE: Not Available
  • Platform: Web Application
  • Title: nukedit Register.ASP Unauthorized Access
  • Description: nukedit is a web-based content management system implemented in ASP. nukedit is prone to an unauthorized access vulnerability. This issue affects version 4.9.6.
  • Ref: http://www.kapda.ir/advisory-337.html

  • 06.22.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Nivisec Hacks List Admin_hacks_list.PHP Information Disclosure
  • Description: Nivisec Hacks List is a module for the phpBB bulletin board application. It is prone to an information disclosure vulnerability due to improper sanitization of user-supplied input to the "phpEx" parameter of the "admin_hacks_list.php" script. Nivisec Hacks List versions 1.2 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18162

  • 06.22.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Fastpublish CMS Multiple Remote File Include Vulnerabilities
  • Description: Fastpublish CMS is a web-based content management system (CMS). It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to various scripts. Fastpublish versions 1.6.9.d and earlier are vulnerable.
  • Ref: http://www.frsirt.com/english/advisories/2006/2034

  • 06.22.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Mozilla Firefox Marquee Denial of Service
  • Description: Mozilla Firefox is exposed to a denial of service issue due to improper handling of nested "marquee" tags. Mozilla Firefox Version 1.5.0.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/435373

  • 06.22.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Open Searchable Image Catalogue Multiple Input Validation Vulnerabilities
  • Description: Open Searchable Image Catalogue is affected by multiple cross-site scripting and SQL injection issues. Open Searchable Image Catalogue versions 0.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/18169

  • 06.22.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Speedy Asp Discussion Forum Authentication Bypass
  • Description: Speedy Asp Discussion Forum is a web-based discussion forum application. It is prone to an authentication bypass vulnerability because the "profileupdate.asp" script fails to require proper authentication credentials.
  • Ref: http://www.securityfocus.com/bid/18170

  • 06.22.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Gnopaste Common.PHP Remote File Include
  • Description: Gnopaste is a tool for manipulating source code. It is vulnerable to a remote file include issue because the "root_path" parameter of the "common.php" script is not properly initialized before being used in the file path of an "include()" function call. Gnopaste versions 0.5.3 and earlier are vulnerable.
  • Ref: http://www.milw0rm.com/exploits/1851

  • 06.22.94 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPMyDesktop|arcade Index.PHP Local File Include
  • Description: phpMyDesktop|arcade is a web-based gaming tool. Insufficient sanitization of the "subsite" parameter of the "index.php" script exposes the application to a local file include issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18185

  • 06.22.95 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Nuke Multiple Remote File Include Vulnerabilities
  • Description: PHP-Nuke is a web-based content management system implemented in PHP. It is prone to multiple remote file include vulnerabilities due to improper sanitization of user-supplied input to various scripts. PHP-Nuke versions 7.0 through 7.9 are affected.
  • Ref: http://www.securityfocus.com/bid/18186

  • 06.22.96 - CVE: Not Available
  • Platform: Web Application
  • Title: pppBlog Randompic.PHP Directory Traversal
  • Description: pppBlog is a web-based blog and image gallery application. It is vulnerable to a directory traversal issue due to insufficient sanitization of user-supplied input to the "files" parameter of the "randompic.php" script. pppBlog version 0.3.8 is vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/435406

  • 06.22.97 - CVE: Not Available
  • Platform: Web Application
  • Title: OSTicket Open_form.PHP Remote File Include
  • Description: OSTicket is an open source support ticket system. OSTicket is prone to arbitrary code execution due to insufficient validation of input to the "include_path" variable of the "open_form.php" script. OSTicket versions 1.3 and earlier are affected.
  • Ref: http://www.osticket.com/news/sec,05,01.html

  • 06.22.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Squirrelmail Redirect.PHP Local File Include
  • Description: Squirrelmail is a web-based mail application. It is prone to a local file include vulnerability because it fails to properly sanitize user-supplied input to the "plugins[]" parameter of the "redirect.php" script. SquirrelMail versions 1.4.7 and earlier are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18231

  • 06.22.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Ovidentia Multiple Remote File Include Vulnerabilities
  • Description: ovidentia is a web-portal application. Insufficient sanitization of user-supplied input exposes the application to multiple file include issues. ovidentia version 5.8 is affected.
  • Ref: http://www.securityfocus.com/bid/18232

  • 06.22.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Hogstorps Guestbook Message Post Multiple HTML Injection Vulnerabilities
  • Description: Hogstorps guestbook is vulnerable to multiple HTML injection issues due to insufficient sanitization of user-supplied input to the "name", "email", and "headline" parameters. Hogstorps version 2.0 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18203/info

  • 06.22.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Hogstorps Guestbook Unauthorized Access
  • Description: Hogstorps guestbook is a guestbook application. It is vulnerable to unauthorized access because the script fails to validate any access. Hogstorps guestbook 2.0 is affected.
  • Ref: http://colander.altervista.org/advisory/HTGuestBook2.txt

  • 06.22.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Ottoman Multiple Remote File Include Vulnerabilities
  • Description: Ottoman is a web-based content management system. Insufficient sanitization of the "default_path" parameter exposes the application to a remote file include issue. Ottoman version 1.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/18208

  • 06.22.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Techno Dreams Guest Book Comment Field HTML Injection
  • Description: Techno Dreams Guest Book is vulnerable to an HTML injection issue due to insufficient sanitization of user-supplied input to the "comments" field on the "Sign Our Guestbook" page. All versions of Techno Dreams are vulnerable.
  • Ref: http://colander.altervista.org/advisory/TDGuestBook.txt

  • 06.22.104 - CVE: Not Available
  • Platform: Web Application
  • Title: METAjour Multiple Remote File Include Vulnerabilities
  • Description: METAjour is a web-based content management system (CMS). It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to various scripts. METAjour version 2.1 is vulnerable.
  • Ref: http://milw0rm.com/exploits/1855

  • 06.22.105 - CVE: Not Available
  • Platform: Web Application
  • Title: WebCalendar Index.PHP Information Disclosure
  • Description: WebCalendar is a calendar application, written in PHP. WebCalendar is prone to an information disclosure vulnerability. WebCalendar version 1.0.3 is vulnerable.
  • Ref: http://www.securityfocus.com/bid/18175

  • 06.22.106 - CVE: Not Available
  • Platform: Web Application
  • Title: PmWiki Multiple HTML Injection Vulnerabilities
  • Description: PmWiki is a guestbook application. It is prone to multiple HTML injection vulnerabilities due to improper sanitization of user-supplied input to the "upload.php" script. This issue affects PmWiki version 2.1.6.
  • Ref: http://www.securityfocus.com/bid/18214

  • 06.22.107 - CVE: Not Available
  • Platform: Web Application
  • Title: AssoCIateD Multiple Remote File Include Vulnerabilities
  • Description: AssoCIateD is a web-based content management system. It is vulnerable to an arbitrary code execution issue due to insufficient sanitization of input parameters in the "cache_mngt.php" and "gallery_functions.php" scripts. AssoCIateD version 1.1.3 is vulnerable.
  • Ref: http://www.milw0rm.com/exploits/1858

  • 06.22.108 - CVE: Not Available
  • Platform: Web Application
  • Title: IShopCart Multiple Buffer Overflow Vulnerabilities
  • Description: iShopCart is a web-based shopping cart application written in C and compiled and run as a CGI application. iShopCart is prone to multiple buffer-overflow vulnerabilities.
  • Ref: http://www.securityfocus.com/archive/1/435597

  • 06.22.109 - CVE: Not Available
  • Platform: Web Application
  • Title: iShopCart Easy-Scart.CGI Directory Traversal
  • Description: iShopCart is a web-based shopping cart application. It is prone to a directory traversal vulnerability due to improper sanitization of user-supplied input to the "easy-scart.cgi" script. All versions of iShopCart are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18223

  • 06.22.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Goss ICM CMS Multiple HTML Injection Vulnerabilities
  • Description: Goss ICM CMS is a content management application implemented in Coldfusion. It is prone to multiple HTML injection vulnerabilities due to improper sanitization of user-supplied input to various scripts. All versions of Goss ICM CMS are vulnerable.
  • Ref: http://www.securityfocus.com/bid/18221

  • 06.22.111 - CVE: Not Available
  • Platform: Web Application
  • Title: REDAXO Multiple Remote File Include Vulnerabilities
  • Description: REDAXO is a web-based content management system (CMS). It is vulnerable to multiple remote file include issues due to insufficient sanitization of user-supplied input to various scripts. REDAXO versions 3.0 and earlier are vulnerable.
  • Ref: http://milw0rm.com/exploits/1861

  • 06.22.112 - CVE: Not Available
  • Platform: Web Application
  • Title: ASP Discussion Forum Search Field HTML Injection
  • Description: ASP Discussion Forum is a forum application. ASP Discussion Forum is exposed to an HTML injection issue due to insufficient sanitization of input to the "search" field on the "forum_search.asp" page.
  • Ref: http://colander.altervista.org/advisory/ASPDisc.txt

  • 06.22.113 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBloggie Multiple Remote File Include Vulnerabilities
  • Description: MyBloggie is a web log application. Insufficient sanitization of the "mybloggie_root_path" parameter of the "admin.php" and "scode.php" scripts exposes the application to a remote file include issue. All current versions are affected.
  • Ref: http://www.securityfocus.com/bid/18241

(c) 2006. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.